Modules on Technology in Indian Banking - Modulewise List of Articles
Module:3 - Internet Banking - Report of RBI Working Group
Other Modules on Customers' Forum
View List of Articles on
Module: 1 - Indian Banking Goes Electronic
Module-2: Computerisation of Payment Systems
Module:4 -Technology Upgradation in the Banking Sector
Project on Internet Banking - Report of RBI Working Group
Legal Issues involved in Internet Banking
The legal framework for banking in India is provided by a set of enactments, viz., the Banking Regulations Act, 1949, the Reserve Bank of India Act, 1934, and the Foreign Exchange Management Act, 1999. Broadly, no entity can function as a bank in India without obtaining a license from Reserve Bank of India under Banking Regulations Act, 1949. Different types of activities which a bank may undertake and other prudential requirements are provided under this Act. Accepting of deposit from public by a non-bank attracts regulatory provisions under Reserve Bank of India Act 1934. Under the Foreign Exchange Management Act 1999, no Indian resident can lend, open a foreign currency account or borrow from a non resident, including non-resident banks, except under certain circumstances provided in law. Besides these, banking activity is also influenced by various enactments governing trade and commerce, such as, Indian Contract Act, 1872, the Negotiable Instruments Act, 1881, Indian Evidence Act, 1872, etc.
As discussed earlier, Internet banking is an extension of the traditional banking, which uses Internet both as a medium for receiving instructions from the customers and also delivering banking services. Hence, conceptually, various provisions of law, which are applicable to traditional banking activities, are also applicable to Internet banking. However, use of electronic medium in general and Internet in particular in banking transactions, has put to question the legality of certain types of transactions in the context of existing statute. The validity of an electronic message / document, authentication, validity of contract entered into electronically, non-repudiation etc. are important legal questions having a bearing on electronic commerce and Internet banking. It has also raised the issue of ability of banks to comply with legal requirements / practices like secrecy of customers account, privacy, consumer protection etc. given the vulnerability of data / information passing through Internet. There is also the question of adequacy of law to deal with situations which are technology driven like denial of service / data corruption because of technological failure, infrastructure failure, hacking, etc. Cross border transactions carried through Internet pose the issue of jurisdiction and conflict of laws of different nation.
This dichotomy between integration of trade and finance over the globe through e-commerce and divergence of national laws is perceived as a major obstacle for e-commerce / i-banking and has set in motion the process of harmonization and standardization of laws relating to money, banking and financial services. A major initiative in this direction is the United Nations Commission on International Trade Law (UNICITRAL)’s Model law, which was adopted by the General Assembly of United Nations and has been recommended to the member nations for consideration while revising / adopting their laws of electronic trade
Government of India has enacted The Information Technology Act, 2000, in order to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as ‘electronic commerce’…The Act, which has also drawn upon the Model Law, came into force with effect from October 17, 2000. The Act has also amended certain provisions of the Indian Penal Code, the Indian Evidence Act, 1872, The Bankers Book of Evidence Act, 1891 and Reserve Bank of India Act 1934 in order to facilitate e-commerce in India. However, this Act will not apply to:-
- A negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881;
- A power-of-attorney as defined in section 1A of the Power-of-Attorney Act, 1882;
- A trust as defined in section 3 of the Indian Trusts Act, 1882;
- A will as defined in clause (h) of section 2 of the Indian Succession Act, 192
- Any contract for the sale or conveyance of immovable property or any interest in such property;
- Any such class of documents or transactions as may be notified by the Central Government in the official Gazette.
In the course of providing Internet banking services the banks in India are facing new challenges relating to online opening of accounts, authentication, secrecy of customers accounts, non-repudiation, liability standards and consumer protection, etc., each of which has been examined in the context of existing legal framework
Online opening of account: The banks providing Internet banking service, at present are only willing to accept the request for opening of accounts. The accounts are opened only after proper physical introduction and verification. This is primarily for the purpose of proper identification of the customer and also to avoid benami accounts as also money laundering activities that might be undertaken by the customer. Supervisors world over, expect the Internet banks also to follow the practice of ‘know your customer’
As per Section 131 of the Negotiable Instruments Act, 1881 (the Act) a banker who has in good faith and without negligence received payment for a customer of a cheque crossed generally or specially to himself shall not, in case the title to the cheque proves defective, incur any liability to the true owner of the cheque by reason only of having received such payment. The banker’s action in good faith and without negligence have been discussed in various case laws and one of the relevant passages from the judgment of Justice Chagla in the case of Bapulal Premchand Vs Nath Bank Ltd. (AIR 1946 Bom.482) is as follows:
"Primarily, inquiry as to negligence must be directed in order to find out whether there is negligence in collecting the cheque and not in opening the account, but if there is any antecedent or present circumstance which aroused the suspicion of the banker then it would be his duty before he collects the cheque to make the necessary enquiry and undoubtedly one of the antecedent circumstances would be the opening of the account. In certain cases failure to make enquiries as to the integrity of the proposed customer would constitute negligence".
Further the Supreme Court of India in Indian Overseas Bank Ltd. Vs. Industrial Chain Concern [JT1989(4)SC 334] has stated that as a general rule, before accepting a customer, the bank must take reasonable care to satisfy himself that the person in question is in good reputation and if he fails to do so, he will run the risk of forfeiting the protection given by Section 131 of Negotiable Instruments Act, 1881 but reasonable care depends upon the facts and circumstances of the case. Similarly, the Delhi High Court was also of the view that the modern banking practice requires that a constituent should either be known to the bank or should be properly introduced. The underlying object of the bank insisting on producing reliable references is only to find out if possible whether the new constituent is a genuine party or an imposter or a fraudulent rogue [Union of India Vs National Overseas Grindlays Bank Ltd. (1978) 48 Com.Cases 277 (Del)].
Thus, the introduction of a new customer by a third party reference is a well-recognized practice followed by the banks before opening new accounts in order to prove the reasonable care and absence of any negligence in permitting the new customer to open the account. Further, in order to establish the reasonable care the banks have to make enquiries about the integrity/reputation of the prospective customer. It is not a mere enquiry about the identity of the person. The Group, therefore, endorses the practice presently followed by the banks in seeking proper introduction before allowing the operations of the customers’ accounts. In the context of Internet banking and after the coming into force of the Information Technology Act, 2000, it may be possible for the banks to rely on the electronic signatures of the introducer. But this may have to await till the certification machinery as specified in the Information Technology Act, 2000 comes into operation.
Authentication One of the major challenges faced by banks involved in Internet banking is the issue relating to authentication and the concerns arising in solving problems unique to electronic authentication such as issues of data integrity, non-repudiation, evidentiary standards, privacy, confidentiality issues and the consumer protection. The present legal regime does not set out the parameters as to the extent to which a person can be bound in respect of an electronic instruction purported to have been issued by him. Generally, authentication is achieved by what is known as security procedure. Methods and devices like the personal identification numbers (PIN), code numbers, telephone-PIN numbers, relationship numbers, passwords, account numbers and encryption are evolved to establish authenticity of an instruction. From a legal perspective, the security procedure requires to be recognized by law as a substitute for signature. Different countries have addressed these issues through specific laws dealing with digital signatures. In India, the Information Technology Act, 2000 (the "Act") in Section 3 (2) provides that any subscriber may authenticate an electronic record by affixing his digital signature. However the Act only recognizes one particular technology as a means of authenticating the electronic records (viz, the asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record). This might lead to the doubt of whether the law would recognize the existing methods used by the banks as a valid method of authenticating the transactions. In this regard as noted in paragraph [3.2.2] of Chapter  of this Report, the approach in the other countries has been to keep the legislation technology neutral. The Group is of the view that the law should be technology neutral so that it can keep pace with the technological developments without requiring frequent amendments to the law as there exists a lot of uncertainty about future technological and market developments in Internet banking. This however would not imply that the security risks associated with Internet banking should go unregulated.
Hence, Section 3 (2) of the Information Technology Act 2000 may need to be amended to provide that the authentication of an electronic record may be effected either by the use of the asymmetric crypto system and hash function, or a system as may be mutually determined by the parties or by such other system as may be prescribed or approved by the Central Government. If the agreed procedure is followed by the parties concerned it should be deemed as being an authenticate transaction. A clarification to this effect by way of an amendment of the aforesaid Act will facilitate the Internet banking transactions
Further, the banks may be allowed to apply for a license to issue digital signature certificate under Section 21 of the Information Technology Act, 2000 and become a certifying authority for facilitating Internet banking. The certifying authority acts like a trusted notary for authenticating the person, transaction and information transmitted electronically. Using a digital certificate from trusted certificate authority like a bank shall provide a level of comfort to the parties of an Internet banking transaction. Hence, it is recommended by the Committee that the Reserve Bank of India may recommend to the Central Government to notify the business of the certifying authority under Clause (o) of Section 6(1) of the Banking Regulation Act, 1949, to permit the banks to act as such trusted third parties in e-commerce transactions.
Mode of Payment under the Income Tax Act, 1961: Section 40A(3) of the Income tax Act, 1961, dealing with deductible expenses, provides that in cases where the amount exceeds Rs. 20,000/-, the benefit of the said section will be available only if the payment is made by a crossed cheque or a crossed bank draft. One of the services provided by the banks offering Internet banking service is the online transfer of funds between accounts where cheques are not used, in which the above benefit will not be available to the customers.
The primary intention behind the enactment of Section 40 A of the Income tax Act, 1961 is to check tax evasion by requiring payment to designated accounts. In the case of a funds transfer, the transfer of funds takes place only between identified accounts, which serves the same purpose as a crossed cheque or a crossed bank draft. Hence, the Committee recommends that Section 40A of the Income Tax Act, 1961, may be amended to recognise even electronic funds transfer.
View List of Articles - Projects on Indian Banking
Indian Banking in the Post-Reform Era
Indian Banking - other Pro- jects